Hackers Breach Linux Mint Distribution, Forums
Attackers manage to breach Linux Mint's security, adding a backdoor to the distribution and even stealing information from user forums.The Linux Mint operating system community is reeling today after the public disclosure on Feb. 21 that hackers managed to infiltrate the popular Linux distribution and plant a backdoor in the system. Adding further insult to injury, hackers were also able to compromise the Linux Mint user forum, stealing username and password information. As a result of the attack, the LinuxMint.com Website is now offline as the distribution scrambles to restore confidence and security. Linux Mint has emerged in recent years to become one of the most popular desktop Linux distributions in the world. A key part of Linux Mint's popularity is its Cinnamon desktop, which provides users with a different user interface from the more standard GNOME desktop. Linux Mint does, however, offer other desktop choices to users as well. It appears that on Feb. 20 the attackers were only able to impact the most recent Linux Mint 17.3 Cinnamon edition (which eWEEK reviewed here), according to Clement Lefebvre, founder of Linux Mint. Lefebvre noted the intrusion was brief and quickly discovered. "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," he wrote.
In addition to the hacked Linux Mint 17.3 Cinnamon Edition download, the attackers also compromised the user forums site (forums.linuxmint.com), stealing a copy of the entire database. Hackers now have usernames and passwords used on the Linux Mint forum Websites, and so it is imperative that users make sure they aren't using the same username/password combination on other sites.